Framework Linux systems UEFI shell mm command Secure Boot bypass security flaw
Vulnerability
Summary
Framework shipped signed UEFI shell components on about 200,000 Linux systems with an mm command that can bypass Secure Boot, creating bootkit-loading and trust-chain risk. The flaw can let attackers overwrite gSecurity2 and disable signature verification for subsequent module loads. Framework is remediating affected releases, and users should install available updates or use temporary BIOS protections where patches are not yet available.
Related Happenings
Framework UEFI Secure Boot bypass mitigation guidance
Advisory/Mitigation
First: 14.10.2025 16:22
Last: 14.10.2025 16:22
Sources 1
How related:
Impacted users are advised to apply the available security updates. Where a patch isn't available yet, secondary protection measures such as preventing physical access are crucial. Another temporary mitigation is to delete Framework's DB key via the BIOS.
About this happening:
Framework advised impacted Linux users to install **available security updates** and use a **BIOS DB-key workaround** to limit **Secure Boot bypass** risk across about **200,000 s...
Howyar Reloader UEFI application Secure Boot bypass flaw (CVE-2024-7344)
Vulnerability
First: 12.09.2025 14:50
Last: 12.09.2025 14:50
Sources 1
About this happening:
**HybridPetya** is a newly disclosed **ransomware/bootkit** strain that exploits **CVE-2024-7344** in the **Howyar Reloader UEFI application** to bypass **UEFI Secure Boot** on **...
HybridPetya ransomware bootkit and Secure Boot bypass activity
Malware Activity
First: 12.09.2025 14:50
Last: 12.09.2025 14:50
Sources 1
About this happening:
**HybridPetya** is a **ransomware bootkit** that targets **UEFI-based Windows systems** by installing a malicious **EFI application** on the **EFI System Partition** and encryptin...
Timeline
14.10.2025 16:22 2 articles · 7mo ago
Framework Linux Secure Boot bypass disclosure
Initial Disclosure
Framework shipped roughly 200,000 Linux systems with signed UEFI shell components that included an mm command capable of overwriting gSecurity2, disabling signature verification, and bypassing Secure Boot protections. The weakness can enable bootkits such as BlackLotus, HybridPetya, and Bootkitty, and Eclypsium assessed that the issue appears to stem from an oversight rather than a compromise. Framework started remediating affected releases, with available fixes and DBX updates for several Framework 13, Framework 16, and Framework Desktop variants, while impacted users were advised to install updates and use temporary BIOS protections such as deleting Framework's DB key where needed.
- Secure Boot bypass risk on nearly 200,000 Linux Framework sytems — www.bleepingcomputer.com — 14.10.2025 16:22